This document discusses the evolution of distributed denial of service (DDoS) attacks and how they are increasingly being offered as a service. It outlines how early DDoS attacks targeted the application layer but now exploit infrastructure as a service (IaaS) and DNS amplification. The document predicts that software as a service (SaaS) will be exploited for DDoS attacks and provides examples of how legitimate load testing services can be abused to launch hard to trace attacks against victims. It concludes by noting analytics services and other online tools that could enable DDoS attacks if used without conscience.